Ghostscript is a program for displaying PostScript files, or printing themto non-PostScript printers.

Chris Evans from the Google Security Team reported a stack-based bufferoverflow flaw in Ghostscript's zseticcspace() function. An attacker couldcreate a malicious PostScript file that would cause Ghostscript to executearbitrary code when opened. (CVE-2008-0411)

These updated packages also fix a bug, which prevented the pxlmono printerdriver from producing valid output on Red Hat Enterprise Linux 4.

All users of ghostscript are advised to upgrade to these updated packages,which contain a backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-releasederrata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available athttp://kbase.redhat.com/faq/FAQ_58_10188